Question No: 1001 – (Topic 5)

When Ann an employee returns to work and logs into her workstation she notices that, several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann’s workstation. Which of the following could have prevented this from happening?

A. Password complexity policy

B. User access reviews

C. Shared account prohibition policy

D. User assigned permissions policy

Answer: A

Explanation:

The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Since changes were made to Ann’s desktop configuration settings while she was not at work, her password must have been compromised.

Topic 6, Cryptography

Question No: 1002 – (Topic 6)

Symmetric encryption utilizes ________, while asymmetric encryption utilizes ________.

A. Public keys, one time

B. Shared keys, private keys

C. Private keys, session keys

D. Private keys, public keys

Answer: D

Explanation:

Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.

In more detail:

Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

Question No: 1003 – (Topic 6)

The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?

A. Stream ciphers

B. Transport encryption

C. Key escrow

D. Block ciphers

Answer: B

Explanation:

Transport encryption is the process of encrypting data ready to be transmitted over an insecure network. A common example of this would be online banking or online purchases where sensitive information such as account numbers or credit card numbers is transmitted.

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Question No: 1004 – (Topic 6)

After encrypting all laptop hard drives, an executive officer’s laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data.

Which of the following can be used to decrypt the information for retrieval?

A. Recovery agent

B. Private key

C. Trust models

D. Public key

Answer: A

Explanation:

To access the data the hard drive needs to be decrypted. To decrypt the hard drive you would need the proper private key. The key recovery agent can retrieve the required key. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed.

Question No: 1005 – (Topic 6)

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA

B. Recovery agent

C. Root user

D. Key escrow

Answer: A

Explanation:

The root CA certifies other certification authorities to publish and manage certificates within the organization.

In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all levels of the hierarchical tree.
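Worked example (added here; it is not part of the exam material and not code from any product named on this page) in Go, using only the standard library’s crypto/x509, of the hierarchy described above: a self-signed root CA certifies an intermediate CA, the intermediate issues a server certificate, and a client that trusts only the root verifies the chain leaf -> intermediate -> root. The CA names, the hostname www.example.test, the serial numbers and the validity periods are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"math/big"
	"time"
)

// ca bundles a CA certificate with the private key that signs on its behalf.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

var serial int64 // constructed, sequential serial numbers for this demo only

// newCA issues a CA certificate for name. With parent == nil the certificate is
// self-signed (a root); otherwise the parent signs it, which is how a root CA
// certifies an intermediate CA.
func newCA(name string, parent *ca) (*ca, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ca{cert: cert, key: key}, nil
}

// issueServerCert has an intermediate CA issue an end-entity (TLS server) certificate.
func issueServerCert(issuer *ca, dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.cert, &key.PublicKey, issuer.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// chainValid does what a TLS client does: it trusts only the root, is handed the
// intermediate and the leaf, and checks signatures, CA constraints and hostname.
func chainValid(leaf, intermediate, root *x509.Certificate, dnsName string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	inters.AddCert(intermediate)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: dnsName})
	return err == nil
}

func main() {
	root, err := newCA("Example Root CA", nil) // constructed names, not a real CA
	if err != nil {
		log.Fatal(err)
	}
	inter, err := newCA("Example Issuing CA 1", root)
	if err != nil {
		log.Fatal(err)
	}
	leaf, err := issueServerCert(inter, "www.example.test")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("chain to trusted root valid:", chainValid(leaf, inter.cert, root.cert, "www.example.test"))
	other, _ := newCA("Some Other Root CA", nil) // not in the client's trust store
	fmt.Println("chain to untrusted root valid:", chainValid(leaf, inter.cert, other.cert, "www.example.test"))
}
```

The negative case is the point of the trust model: an intermediate signed by a root the client does not hold as a trust anchor is rejected, and so is a certificate presented for a hostname it was not issued for.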

Question No: 1006 – (Topic 6)

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

Answer: C

Explanation:

Key escrow is a database of stored keys that later can be retrieved.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.

Question No: 1007 – (Topic 6)

The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?

A. The file containing the recovery agent’s keys.

B. The file containing the public key.

C. The file containing the private key.

D. The file containing the server’s encrypted passwords.

Answer: B

Explanation:

The public key can be made available to everyone. There is no need to reissue the certificate.

Question No: 1008 – (Topic 6)

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES

B. 3DES

C. RC4

D. WPA2

Answer: B

Explanation:

3DES (Triple DES) is based on DES.

In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV). Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012, use Triple DES to password protect user content and system data.

Question No: 1009 – (Topic 6)

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash

B. Recovery agent

C. Public key

D. Key escrow

E. CRL

Answer: B, D

Explanation:

B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data.

A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.

D: If a key needs to be recovered for legal purposes, the key escrow can be used.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.

Question No: 1010 – (Topic 6)

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joe’s public key

B. Joe’s private key

C. Ann’s public key

D. Ann’s private key

Answer: D

Explanation:

The sender uses their private key, in this case Ann’s private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.

The receiver uses a key provided by the sender (the public key) to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidentally, in transit.
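Worked example (added here; it is not part of the exam material and not code from any vendor named on this page) in Go, using only the standard library, of the distinction drawn in question 1002 and the signing flow in question 1010: one shared secret key both encrypts and decrypts (AES-256-GCM), whereas an RSA key pair splits the roles, so Ann signs a SHA-256 digest of the file with her private key and Joe checks it with her public key, and a single flipped bit in transit makes the check fail. The key sizes, the all-zero demo key and the sample file contents are assumptions chosen for the demo.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// symmetricRoundTrip uses ONE shared secret key for both directions (AES-256-GCM).
// Whoever holds sharedKey can both encrypt and decrypt, which is why it must stay private.
func symmetricRoundTrip(sharedKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := aead.Seal(nil, nonce, plaintext, nil)
	return aead.Open(nil, nonce, ciphertext, nil) // the same key undoes the encryption
}

// newKeyPair makes an RSA key pair: the private half stays with its owner,
// the public half is given out freely (compare question 1007).
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// asymmetricRoundTrip encrypts with the recipient's PUBLIC key and decrypts with
// the matching PRIVATE key: what one key does, the other undoes.
func asymmetricRoundTrip(recipient *rsa.PrivateKey, plaintext []byte) ([]byte, error) {
	ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &recipient.PublicKey, plaintext, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ciphertext, nil)
}

// sign hashes the file with SHA-256 and signs the digest with the sender's
// PRIVATE key (Ann's, in question 1010).
func sign(sender *rsa.PrivateKey, file []byte) ([]byte, error) {
	digest := sha256.Sum256(file)
	return rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
}

// verify recomputes the digest and checks the signature with the sender's PUBLIC
// key (what Joe holds). Any change to the file changes the digest, so the
// signature no longer matches.
func verify(senderPub *rsa.PublicKey, file, sig []byte) bool {
	digest := sha256.Sum256(file)
	return rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	// Constructed sample data; a real shared key would come from a key exchange or KDF.
	sharedKey := make([]byte, 32)
	file := []byte("Q3 budget figures (constructed sample file)")

	out, err := symmetricRoundTrip(sharedKey, file)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("symmetric round trip ok:", string(out) == string(file))

	ann, err := newKeyPair()
	if err != nil {
		log.Fatal(err)
	}
	sig, err := sign(ann, file)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("signature verifies with Ann's public key:", verify(&ann.PublicKey, file, sig))

	tampered := append([]byte{}, file...)
	tampered[0] ^= 0x01 // one bit flipped in transit
	fmt.Println("tampered file verifies:", verify(&ann.PublicKey, tampered, sig))

	joe, err := newKeyPair()
	if err != nil {
		log.Fatal(err)
	}
	back, err := asymmetricRoundTrip(joe, file)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("asymmetric round trip ok:", string(back) == string(file))
}
```

Note the split of duties: confidentiality toward Joe uses Joe's public key to encrypt, while proof of origin uses Ann's private key to sign; the receiver needs only public keys to check a signature, so nothing secret has to be shared for verification.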